Access to a network for distributing digital content

ABSTRACT

A transmission of a digital content to a user terminal is managed by a network comprising a service subnetwork adapted for providing the terminal with a service token, and a digital contents distribution subnetwork which includes a control part and a transmission part. The control part of the distribution subnetwork receives a request from the user terminal for a digital content, indicating a service token. Next, if the service token is recognized as valid, an address relating to the distribution subnetwork is determined and a session token associated with said address is generated. A message indicating said address and the session token associated with said address is then transmitted to the user terminal.

The invention relates to the management of access to a network fordistributing digital content, particularly such access management whenbased on the use of tokens.

A content delivery network or CDN may comprise multiple servers whichcooperate with each other to send digital content to user terminals.However, a user can only access the digital content if he meets certaincriteria. Access to digital content can be controlled for example on thebasis of a subscription which gives the user access to certain digitalcontent, or on the basis of a payment made for each access to a digitalcontent item.

To achieve this, the architecture of such a network is based partly on aservice subnetwork, which handles verifying whether a user terminal hasthe right to access the digital content the user is requesting, andpartly on a digital content distribution subnetwork, which handlessending the digital content to a user terminal that has requested it. Inthis type of content delivery network, it is important to establishsecurity measures which control access to the delivered content.

In such an architecture, a user terminal first requests a digitalcontent item from the service subnetwork. Then, once this servicesubnetwork has decided that the user terminal has the right to accessthe requested digital content, it responds to this request byredirecting the terminal to one or more elements of the digital contentdistribution subnetwork able to deliver the requested digital content tothe user, or digital content servers.

In order to control and ensure the security of the distribution of thisdigital content to a user terminal, the service subnetwork can be set upto respond to the user terminal by indicating:

-   -   a URL (Uniform Resource Locator) address; and    -   a token.

Then the user terminal uses this URL address and this token to requestthe content concerned from the digital content server or servers.

Under these conditions, the digital content server provides therequested digital content to the user terminal only if the token isconsidered to be valid. Such a mechanism provides secure access to thedigital content.

However, even if the distribution subnetwork verifies the token beforedistributing the digital content, this mechanism is based on a securitymeasure which is applied at the level of the service subnetworkexclusively. Access to the requested digital content is based on a tokenwhich is provided by the service network.

The invention aims to improve the situation.

A first aspect of the invention proposes a method for managing thetransmission of a digital content item to a user terminal in a networkcomprising a service subnetwork adapted to provide the terminal with aservice token and a digital content distribution subnetwork whichincludes a control part and a transmission part, said service tokenbeing associated with an address of the distribution subnetwork;

said management method comprising the following steps in the controlpart of the distribution subnetwork:

/1/ receiving a request from the user terminal for a digital contentitem, indicating a service token;

/2/ if the service token is recognized as valid, determining an addressrelating to the distribution subnetwork and generating a session tokenassociated with said address; and

/3/ sending a message to the user terminal, indicating said address andthe session token associated with said address.

The term “digital content” is understood to mean any type of digitaldata corresponding to a content item or set of content items which canbe transmitted in the network concerned in the form of a data stream.Some examples are document data or image data or audio data or videodata, or multimedia data in general.

The term “token” is understood to mean a data item which gives theterminal that possesses it access to network equipment which is able tovalidate this token. A token therefore allows certifying the validity ofan access request. Its use provides network access security. Nolimitation is placed on the nature of the token. Here it is associatedwith an address. It could correspond to a signature for the address itis associated with or an encryption of this address, for example.

In the context of the invention, an address may correspond to a stringof standard characters serving to identify and locate resourcesavailable on a network, such as the Internet, and access them with abrowser. It could be a URL address for example. A URL address can besent via a protocol such as HTTP (HyperText Transfer Protocol) or via aweb page, for example. Here, the network comprises a service subnetworkand a distribution subnetwork. The service subnetwork is adapted toprovide the terminal with a service token. No limitation concerning thisaspect is placed on the invention.

The user terminal has a service token previously provided to it by theservice subnetwork. It can therefore request digital content from thedistribution network, indicating the service token. The first token (theservice token) represents a first level of security in the access to thedigital content distribution network, in the sense that the terminalindicates this service token in its request to the distributionsubnetwork. The distribution subnetwork can therefore verify at thispoint whether the user terminal has indeed been previously authorized bythe service subnetwork to obtain the digital content requested at theindicated address, because the service token must be associated withthis address, in one embodiment of the invention. For this purpose, theverification subnetwork comprises a control part and a transmissionpart. After its authorization by the service subnetwork, the userterminal is redirected to an address which corresponds to the controlpart of the distribution subnetwork. This control part can then generateanother token (the session token) if the service token associated withthe request from the user terminal appears to be valid. Then the sessiontoken is sent to the user terminal, indicating to the terminal anaddress redirection to the transmission part of the distributionsubnetwork which can actually send the desired digital content.

Note that these tokens are generated in a manner that is associated withthe respective addresses in the distribution subnetwork. Thisassociation of a token with the next address indicated, and thereforeselected for the user terminal, guarantees a certain level of securityagainst attacks based on capturing one of these tokens and fraudulentlyreusing it. These tokens cannot be used for any random address in thedistribution subnetwork, as they are each associated with specificaddresses in the distribution subnetwork.

Because of these arrangements, it is advantageously possible to applyverifications sequentially linked to each other in order to increase thelevel of security of such a digital content transmission network. Notethat the first token is linked to a first verification at the servicelevel, then the second token is only generated if the first token isrecognized to be valid in the transmission part of the network. Thesecond token is used for actually receiving the digital content at theuser terminal.

The first token, the service token, therefore corresponds to averification performed at the service level which gives access to thedistribution subnetwork. This is a first security measure implemented inthe service subnetwork.

Then the second token, the session token, corresponds to a verificationperformed at the transmission level on the basis of the firstverification. This is a second security measure implemented in thedistribution subnetwork. Advantageously, these two security measure canbe set up independently, as long as the service and distributionsubnetworks agree beforehand on the service tokens to be used. Thisindependence in the management can be very useful when the servicesubnetwork and the distribution subnetwork are not managed by the sameadministrator. The two administrators can then be relatively independentin defining their security rules.

It is thus possible to set up a security measure specific to the contentdistribution subnetwork, unlike in the prior art system. Thus thedistribution subnetwork can, for example, establish its own rules forshared key distribution, define a shared key size specific to itself, ordefine a suitable encryption algorithm. Under these conditions, a changein the security measures for the distribution subnetwork does not causea change in the security measures for the service subnetwork.

The two types of tokens used in this context correspond to two distincttypes of verification. In addition, they have a nested dependencybecause the second token is only generated if the first token isrecognized to be valid.

This sequence of nested verifications greatly increases the level ofsecurity.

In this advantageous context, a higher level of security can easily beput in place. Not only is the security of the network access based onthe use of a token generated at the service level and associated with afirst address, but the security of the access is also based on the useof an additional token generated at the digital content transmissionlevel and associated with a second address.

In addition, the service token and the session token may be associatedwith the user terminal. Such an association increases the level ofsecurity in the network concerned. It prevents reuse of the token by anyuser terminal other than the one associated with the token. In fact, ifthe distribution subnetwork stores the association between the servicetoken and the user terminal, it is then able to refuse any transactionwith another user terminal based on the same service token.

In step /2/, it is easy to allow determining a plurality of digitalcontent items available in the distribution subnetwork, as well asgenerating a plurality of session tokens respectively associated withsaid plurality of digital content items.

In step /2/, a plurality of addresses relating to the distributionsubnetwork can be determined and a plurality of session tokensrespectively associated with said plurality of addresses can begenerated.

By generating one token per address, the security level for the accessto a digital content item can thus be increased.

The session token can be protected using a session key which is sharedat the distribution subnetwork level. This further increases the levelof security in such a system.

It may also be advantageous to encrypt other parameters using the samekey. These same parameters are then sent to the distribution subnetwork,also in their encrypted form. In this manner, the level of security inthis digital content distribution network can be further increased.

In the context of the invention, it is easy to allow for generating oneunique service token per transaction with a user terminal. A userterminal can therefore have one unique certification element perpurchase transaction. This certification element provides increasedprotection against attacks.

Any request made at the distribution subnetwork level can be verified onthe basis of the service token. In the case where a new service token isgenerated at each request, it is easy to detect and refuse any newrequest for digital content that has already been distributed.

The use of a session token provides reliable control of which of theserver(s) of the distribution subnetwork will handle the transmission ofthe requested content and also to what recipient it is to be sent,regardless of how many elements of the network are involved in thedistribution of the digital content. The reliability of this control isdependent on the mechanism used for sharing session tokens in the CDN.

A second aspect of the invention proposes a method for managing thetransmission of a digital content item to a user terminal in a networkcomprising a service subnetwork and a digital content distributionsubnetwork which includes a control part and a transmission part;

said management method comprising the following steps in the servicesubnetwork:

/1/ receiving a request from the user terminal for a digital contentitem;

/2/ deciding whether to authorize the user terminal on the basis ofdecision criteria;

/3/ determining an address relating to the distribution subnetwork andgenerating a service token associated with said address; and

/4/ sending a message to the user terminal, indicating said address andthe associated service token.

Here, the user terminal is requesting a digital content item. Certaindecision criteria are taken into consideration in order to decidewhether the terminal is authorized to receive the digital contentrequested. No limitation is placed on the type of decision criteria tobe taken into account here.

These criteria may correspond to a subscription or to a paid amount, forexample.

It can be arranged so that, when a user terminal wants to receive adigital content item or a set of digital content items, it issues acorresponding request to the service subnetwork. This subnetwork canthen handle deciding whether or not the user terminal is authorized toreceive this digital content. Any type of authorization mechanism canthen be applied. In particular, it can be set up so that only the userterminals which have previously obtained a subscription to acorresponding service can receive this digital content. Or it could beset up so that the user terminal issues its request by paying an amountcorresponding to the unit cost associated with the digital content itemor set of digital content items.

Regardless of the mechanism used in the service subnetwork for decidingthat the user terminal is authorized to receive the requested digitalcontent, the service subnetwork then generates a first token for thisuser terminal (the service token). No limitation is placed on thegeneration of this type of token according to an embodiment of theinvention.

The service subnetwork then indicates, to the authorized user terminal,an address relating to the distribution subnetwork and the associatedservice token.

In one embodiment of the invention, the tokens are generated using asecret key. In general, a service key is available to the servicesubnetwork and a session key is available to the distributionsubnetwork. The service key is then also known to the distributionsubnetwork, to allow this network to verify the validity of the servicetoken indicated by a user terminal.

Thus, at the user terminal, the service token is received and indicatedin encrypted form using a service key known to both the servicesubnetwork and the distribution subnetwork; and the session token isreceived and indicated in encrypted form using a session key which isknown to the distribution subnetwork.

In one embodiment of the invention, the service subnetwork does not knowthe service key and it requests the encryption, sending the data to beencrypted to the distribution subnetwork. In addition, it is possiblefor the service key and session key to be identical.

By thus sharing a token between service and distribution and usingseveral types of tokens according to an embodiment of the invention, thelevel of security for accessing a digital content item in such a networkis increased.

It is therefore advantageously possible to decouple the purchasetransaction from the various corresponding digital content transmissiontransactions. It is also easy to track an authorized number oftransmission sessions for a service token generated for a given userterminal.

A third aspect of the invention proposes a method for managing thetransmission of a digital content item to a user terminal in a networkcomprising a service subnetwork and a digital content distributionsubnetwork which includes a control part and a transmission part;

said management method comprising the following steps at the userterminal:

/1/ requesting a digital content item from the service subnetwork;

/2/ receiving a first address relating to the control part of thedistribution subnetwork and a service token associated with said firstaddress;

/3/ requesting the digital content item from said first address,indicating the service token associated with said first address;

/4/ receiving a second address relating to the transmission part of thedistribution subnetwork and a session token associated with said secondaddress;

/5/ requesting the digital content item from said second address,indicating the session token associated with said second address; and

/6/ receiving the digital content.

The service token may be received and indicated in encrypted form usinga service key known to both the service subnetwork and the distributionsubnetwork; in this case, the session token is received and indicated inencrypted form using a session key which is known to the distributionsubnetwork.

In one embodiment, in step /4/, a plurality of addresses relating to thetransmission part of the distribution subnetwork and a plurality ofsession tokens respectively associated with said plurality of addressesare received; and

in step /5/, the digital content is requested from said plurality ofaddresses while respectively indicating the session tokens associatedwith said plurality of addresses.

By generating one token per address, the level of security for theaccess to the digital content can thus be increased.

It may also be arranged so that the service token and the session tokenare additionally associated with a transaction corresponding to step /1/and with a transaction corresponding to step /5/. Such an associationfurther increases the level of security in the network concerned. Itavoids any reuse by the same user terminal. To detect a token reusesituation regardless of whether the token is being reused by the userterminal concerned or by another user terminal, it is sufficient to havethe digital content management network store the association between atoken and the corresponding transaction. The token concerned can beassociated with a transaction identifier for the request in progress,either in the service subnetwork in step /1/ or in the control part ofthe distribution subnetwork in step /5/. It is sufficient, for example,to store an identifier for the transaction corresponding to step /1/ inassociation with the service token, and an identifier for thetransaction corresponding to step /2/ in association with the sessiontoken.

It may also be arranged so that the service token and the session tokenare additionally associated with a transaction corresponding to step /1/for the purchase of a set of digital content items. It may also bearranged so that the service token is additionally associated with a setof session tokens for a set of transactions corresponding to step /5/.Such an association not only further increases the level of security butalso allows having several transactions for the one transaction in step/1/ and therefore several deliveries corresponding to the associated setof content in step /5/ in the network concerned. This avoids aone-to-one correspondence between the service token and the sessiontoken. In addition, this allows optimizing the resources of the contentdistribution subnetwork because the controller for the distributionsubnetwork can select multiple sub-controllers for the digital contentdistribution and can generate one session token per selectedsubcontroller.

These associations may be stored in a database shared by the differentnetwork elements. They may also be directly stored locally in fileformat and shared across the network.

A fourth aspect of the invention proposes a controller for adistribution subnetwork, comprising a means for implementing a methodaccording to the first aspect of the invention.

A fifth aspect of the invention proposes a service subnetwork,comprising a means for implementing a method according to the secondaspect of the invention.

A sixth aspect of the invention proposes a network comprising a userterminal, a service subnetwork according to the fifth aspect of theinvention, a controller according to the fourth aspect of the invention,and a transmission part arranged to verify the validity of the sessiontoken.

A seventh, eighth, and ninth aspect of the invention proposes a computerprogram comprising instructions for implementing the method of thefirst, second, and third aspect of the invention respectively, when thisprogram is executed by a processor.

Other features and advantages of the invention will be apparent fromreading the following description of one of its embodiments.

The invention will also be better understood by examining the drawings,in which:

FIG. 1 illustrates a general architecture suitable for implementing amethod for managing the transmission of digital content according to afirst embodiment of the invention;

FIG. 2 illustrates the main steps of a method according to an embodimentof the invention, at a user terminal;

FIG. 3 illustrates an implementation of such a method in a digitalcontent distribution system according to an embodiment of the invention;

FIG. 4 illustrates an implementation of such a method in another digitalcontent distribution system according to an embodiment of the invention;and

FIG. 5 illustrates a user terminal, a service subnetwork, and adistribution subnetwork controller according to an embodiment of theinvention.

FIG. 1 illustrates a general architecture suitable for implementing amethod for managing the transmission of digital content according to anembodiment of the invention. A communication network 104 connects a userterminal 101, a service subnetwork 102, and a distribution subnetwork103. The user terminal 101 requests digital content from the servicesubnetwork 102 and receives it from the distribution subnetwork 103. Theservice subnetwork 102 receives a request for digital content from auser terminal and decides whether this user terminal is authorized toreceive the digital content it is requesting. No limitation is placed onthe invention concerning the making of this decision, or the types ofdecision criteria taken into account by the service subnetwork forauthorizing the transmission of the digital content to this userterminal.

When the service subnetwork decides to authorize this transmission, itprovides the user terminal with the data necessary to contact thedistribution subnetwork in order to receive the digital contentaccording to one embodiment. This architecture is based on twosubnetworks which each apply a verification, sequentially and in anested dependency, concerning the access to the digital contentrequested according to an embodiment.

FIG. 2 illustrates the main steps of a method for managing thetransmission of digital content in a network according to an embodimentof the invention, at a user terminal. Illustrating this method at theterminal allows illustrating both the interface with the servicesubnetwork and the interface with the distribution subnetwork. At a userterminal, in step 21, a digital content item is requested from theservice subnetwork 102. Then, in response, if the user terminal has theright to access this digital content, it receives in step 22 a firstaddress URL1 relating to the control subnetwork and a service tokenToken1 associated with the first address. Then, based on thisinformation received, the user terminal can request the digital contentfrom the distribution subnetwork. An address may correspond to a stringof standard characters serving to identify and locate resourcesaccessible on a network, such as the Internet, and access them with abrowser. It could be a URL address for example. A URL address can besent via the HTTP protocol or via a web page, for example.

In step 23, the user terminal is directed to the first address URL1 andprovides the associated service token to this first address. Morespecifically, the first address URL1 corresponds to a control entity ofthe distribution subnetwork. This control entity, or controller, is incharge of verifying the validity of the service token.

Next, if the service token is recognized to be valid, the controllerselects an entity of the transmission part which has the ability tomanage the transmission of the requested digital content. A secondaddress URL2 in the network corresponds to this entity of thedistribution subnetwork. The control entity then generates a sessiontoken Token2 associated with the second address URL2 for the userterminal. The selected entity of the transmission subnetwork is thenindicated to the user terminal by the second address URL2, inassociation with the generated session token Token2.

In step 24, the terminal receives this second address URL2 relating tothe digital content distribution subnetwork, and the associated sessiontoken.

Then, in step 25, the user terminal can request the digital content atthe second address, indicating the associated session token. The userterminal provides the session token to this second address. If thesession token is recognized to be valid, the user terminal can receivethe requested digital content in step 26.

Preferably, there is a service key for encrypting the service token inthe service subnetwork and for verifying it in a controller of thedistribution subnetwork. The service key is therefore shared by theservice subnetwork and the distribution subnetwork. However, it is quitepossible for the service key to be known to the distribution subnetworkwithout it being known to the service subnetwork. In this case, theinformation to be encrypted in the service subnetwork are sent to thedistribution subnetwork for encryption then resent to the servicesubnetwork in encrypted form.

FIG. 3 illustrates a digital content distribution architecture accordingto one embodiment of the invention.

A digital content distribution network may comprise a service subnetwork102 and a distribution subnetwork 103. The service subnetwork 102 maycomprise a plurality of service platforms adapted to generate servicetokens using service keys, such as a service key 360.

The distribution subnetwork 103 here comprises a controller 103-A whichgenerates session tokens using a session key 361. It also has a servicekey 360 available to it which allows it to verify the validity of aservice token received from a user terminal when the terminal requestsdigital content.

The distribution subnetwork 103 may additionally comprise several groupsof servers such as server group 104-X i to k and server group 104-Y i tok. These server groups are respectively controlled by subcontrollers103-B and 103-C (Cluster Controllers).

In one embodiment of the invention, the session key 361 is shared by allentities contained in the distribution subnetwork 103. Thus, regardlessof which entity or entities of the distribution subnetwork are involvedin the transmission of the digital content requested by the terminal,they are able to verify the session token used in encrypted form inorder to detect that it is valid.

It is also easy to have a session key managed by entity or for any groupof entities in the distribution subnetwork.

FIG. 3 illustrates exchanges of messages according to one embodiment ofthe invention. The user terminal 101 wants to receive a digital contentitem or a set of digital content items. It issues a request 301 to theservice subnetwork 102. Upon receipt of this message 301, a serviceentity of the service subnetwork verifies whether the user terminalmeets certain criteria for accessing this digital content, bysubscribing to a service which permits it to receive this digitalcontent or by a one-time payment for the digital content, for example.If this request is accepted at the service level, then at least a firstaddress URL1 in the distribution subnetwork 103 is selected and aservice token 350 is generated using a service key 360, in associationwith this first address.

The service token 350 is obtained from a set of associated informationwhen may comprise one, some, or all of the following elements:

-   -   an identifier for a digital content item or an identifier for a        set of digital content items;    -   a service subnetwork identifier;    -   a service identifier indicating a content distribution policy;    -   a transaction identifier;    -   a terminal identifier;    -   the address of a controller 103-A for the distribution        subnetwork 103.    -   a client identifier;    -   a token validity duration.

The client identifier may be its address in the network, for example anIP address or MAC address, or an Organizationally Unique Identifier orOUI, or a Fixed Access Remote IDentifier or FARID. The presence of thisterminal identifier allows preventing reuse by another terminal.

The service subnetwork identifier allows the entity of the distributionsubnetwork to determine which service key to use to verify the servicetoken.

The transaction identifier allows establishing a correlation between therequests for service made to the service subnetwork and laternotifications of content delivery relating to the distributionsubnetwork.

The address of the controller 103-A for the distribution subnetwork 103allows verifying that the user terminal 101 does not contact networkentities it is not authorized to access.

Optionally, the first address URL1 may also comprise a token validityduration, or a parameter limiting the number of authorized distributions(maximum number of authorized plays).

A fingerprint for this set of information (or application of a hashfunction to this set of information) can be calculated by applying agiven algorithm. This fingerprint can then be encrypted using theservice key 360 to obtain the service token 350. The predeterminedalgorithm may be a SHA-1 algorithm (Secure Hash Algorithm), for example.

As a variant, it is also possible to implement a method combining acalculation of the fingerprint using a cryptographic algorithm and theuse of a secret key, such as HMAC (Hash-based Message AuthenticationCode).

This set of information may also be associated with the first addressURL1.

The service token 350 thus ensures that the first address URL1 and theassociated information have not been modified. It also allowsauthenticating the origin of this first address URL1.

Next a message 302 is sent to the user terminal 101 indicating both thefirst address URL1 and the associated service token 350, and optionallythe associated information as well.

Upon receipt of this message 302, the user terminal sends a message 303to the indicated first address URL1, indicating the associated servicetoken 350 and optionally the associated information. This first addressURL1 is for a controller 103-A for the first distribution subnetwork103. This controller 103-A verifies the validity of the service tokenindicated in the message 303, on the basis of the service key 360 whichit also has available. No limitation is placed on the verification ofthe token validity. This verification is dependent on the type of tokenconcerned. For example, if the token corresponds to a signature for aURL address (by applying a hash function), then it can be arranged sothat a temporary token is generated from the address data, in an entityof the network, then this is compared to the current token. If the tokencorresponds to an encryption of the URL address data, a decryption canbe attempted. Then the data obtained by this decryption are checked forvalidity.

If the service token is recognized here as valid, then the controllerselects at least one second address URL2 of the distribution subnetwork,from which the requested digital content can be distributed, and itgenerates a session token 351 in association with this address URL2using its session key 361 which is shared in the distributionsubnetwork. When a set of digital content items is involved, a pluralityof digital content items available in the distribution subnetwork isdetermined and a plurality of session tokens respectively associatedwith said plurality of digital content items is generated.

The session token 351 is obtained from a set of associated informationwhich may comprise one, some, or all of the following elements:

-   -   an identifier for a digital content item or an identifier for a        set of digital content items;    -   a service identifier indicating a content distribution policy;    -   a transaction identifier;    -   a controller identifier in the distribution subnetwork;    -   a terminal identifier;    -   a client identifier;    -   a service subnetwork identifier;    -   a token validity duration.

To avoid the reuse of user requests by a third party or by the userterminal itself, it can easily be arranged so that the subnetwork storescertain data carried in the URL address, and does so for the length ofthe session corresponding to the delivery of the digital content.

Typically, these stored data may be at least one from among thefollowing: the transaction identification, the token itself, anothernonce value corresponding to a unique identifier for each request fordigital content and valid for a limited time. Some or all of these datamay be stored in a database shared by the various elements of thenetwork, or kept directly in file format on a hard drive of one of thenetwork servers and exchanged between the network entities. Such astorage method may be used in particular when the identifier is notalready present or a modification to it is requested. If the identifieris already present, the network can then refuse to process the requestreceived.

The controller 103-A sends a message 306 to the user terminal indicatingboth this second address URL2 and the associated session token 351. Thesecond address URL2 may correspond to the subcontroller for digitalcontent servers 103-B. In that case, upon receipt of this message 306,the user terminal accesses the subcontroller 103-B and provides it withthe session token 351 via a message 307. This session token 351 is thenverified on the basis of the session key 361 shared in the distributionsubnetwork. If the session token is considered to be valid, then thesubcontroller 103-B acknowledges receipt of the request from the userterminal via an “ACK” message 309. After receipt of the message 309, theterminal can then order the streaming of the digital content by issuinga play command via a message 310, or stop streaming of this content by a“stop” command via a message 310.

These various actions ordered by the user terminal 101 via a message 110are sent to the subcontroller 103-B which relays these commands to theservers of the server cluster it is responsible for (servers 104-X i, j,k . . . ). Then, depending on the actions required, the server orservers 104-X send the requested digital content via a data stream 312.

The exchanges were illustrated above using a specific example in whichthe controller 103-A selects a single subcontroller 103-B, to provide asimple case as an illustration. As represented in FIG. 3, the controller103-A selects two subcontrollers 103-B and 103-C for managing thetransmission of the requested digital content. It therefore selects boththe address URL2 for the subcontroller 103-B and the address URL3 forthe subcontroller 103-C. It should be noted that it generates onesession token per selected subcontroller. The session token isassociated with a particular subcontroller. This association allowsguaranteeing a level of access security within the distributionsubnetwork. It is then impossible for the user terminal to access asubcontroller other than the one that is selected.

Therefore the controller 103-A generates another session token 352associated with another address URL3 for the subcontroller 103-C. Inthis case the user terminal receives a message 306 comprising onesession token per URL address. More specifically, this message 306comprises the address URL2 associated with the session token 351 and theother address URL3 associated with the other session token 352. Thisother session token 352 is then provided during an exchange 307′ withthe subcontroller 103-C. The subcontroller 103-C is able to verify thevalidity of this session token on the basis of the session key 361.

The same mechanisms for the digital content as described for thesubcontroller 103-B apply for the subcontroller 103-C in relation to theserver cluster 104-Y i to k.

One can therefore see that the method is applicable to a variable numberof subcontrollers, with the controller 103-A determining the number ofsubcontrollers involved in the distribution as a function of the digitalcontent desired. Each subcontroller then distributes a portion of thecontent.

In one variant, a single session token 351 can be generated foraccessing the subcontrollers involved in the distribution of thecontent.

FIG. 4 illustrates another digital content distribution networkarchitecture according to an embodiment of the invention. Thisarchitecture differs from the previous one illustrated in FIG. 3 in thatthe servers are themselves able to receive and manage the commands fromthe user terminal. In order to maintain a level of access security, theservers here are able to verify the validity of the session tokensreceived from the user terminals. For this purpose, the servers haveaccess to the session key 361 shared in the distribution subnetwork.

FIG. 4 therefore differs from FIG. 3 in that, upon receipt of themessage 307, the subcontroller 103-B verifies the validity of thesession token 351 and directs the user terminal 101 to an address URL4which corresponds to that of a server in the server cluster it isresponsible for, by issuing a message 309 which indicates the addressURL4 for the server 104-X,i for example.

Here, it can be arranged so that the server 104-X,i verifies thevalidity of the request from the terminal based on the session token 351used for the verification at the subcontroller 103-B. In this case(illustrated), the session token 351 is sent to the server correspondingto the address URL4, via an exchange 313. This server is able to verifyit on the basis of the session key 361. Then, after the validity of thesession token has been verified, the user terminal can command actionson the requested digital content. A data stream 312 is then sent fromthe server concerned to the user terminal 101, controlled by thecommands.

Alternatively, the subcontroller 103-B may generate a new session tokenthat it sends in the message 309 in association with the address URL4.In this case, the new session token is indicated in a first exchange ofinformation with the servers 104-X,i concerned. This new session tokenis then verified at this server. Next the user terminal 101 can issuecommands for the requested digital content, such as “play” or “stop” forexample. A data stream 312 is then sent from the server concerned to theuser terminal 101, controlled by the commands.

FIG. 5 illustrates a user terminal 101 according to one embodiment ofthe invention. It comprises:

-   -   a first interface 51 with the service subnetwork, adapted to        request a digital content item and to receive a first address        relating to the control part of the distribution subnetwork and        an associated service token;    -   a second interface 52 with the distribution subnetwork, adapted        to:        -   request the digital content from said first address,            indicating the associated service token;        -   receive a second address relating to the transmission part            of the distribution subnetwork and an associated session            token;        -   request the digital content from said second address,            indicating the associated session token; and        -   receive the digital content.

FIG. 5 also illustrates a service subnetwork 102, which comprises:

-   -   a unit 53 for interfacing with a user terminal, adapted to:        -   receive a request for digital content from the user            terminal; and        -   if applicable, send a message indicating said address and            the associated service token to the user terminal;    -   a decision unit 54 which decides whether to authorize the user        terminal on the basis of decision criteria; and    -   a determination unit 55 which determines an address relating to        the distribution subnetwork and generates an associated session        token.

FIG. 5 also illustrates a controller 103-A for a distribution subnetwork103, comprising:

-   -   an interface unit 56 which receives a request for digital        content from the user terminal indicating a service token, and        which, if applicable, sends a message to the user terminal        indicating said address and the associated session token;    -   a control unit 57 which verifies the validity of the service        token; and    -   a determination unit 58 which determines an address relating to        the distribution subnetwork and generates an associated session        token.

A subcontroller 103-B for a distribution subnetwork 103 comprises acontrol unit able to verify the validity of the session token.

1. A method for managing the transmission of a digital content item to a user terminal in a network comprising a service subnetwork adapted to provide the terminal with a service token and a digital content distribution subnetwork which includes a control part and a transmission part, said service token being associated with an address of the distribution subnetwork; said management method comprising the following steps in the control part of the distribution subnetwork: /1/ receiving a request from the user terminal for a digital content item, indicating a service token; /2/ if the service token is recognized as valid, determining an address relating to the distribution subnetwork and generating a session token associated with said address; and /3/ sending a message to the user terminal, indicating said address and the session token associated with said address.
 2. The management method according to claim 1, wherein in step /2/ a plurality of addresses relating to the distribution subnetwork is determined and a plurality of session tokens respectively associated with said plurality of addresses is generated.
 3. The management method according to claim 1, wherein the session token is protected using a session key which is shared at the distribution subnetwork level.
 4. A method for managing the transmission of a digital content item to a user terminal in a network comprising a service subnetwork and a digital content distribution subnetwork which includes a control part and a transmission part; said management method comprising the following steps in the service subnetwork: /1/ receiving a request from the user terminal for a digital content item; /2/ deciding whether to authorize the user terminal on the basis of decision criteria; /3/ determining an address relating to the distribution subnetwork and generating a service token associated with said address; and /4/ sending a message to the user terminal, indicating said address and the service token associated with said address.
 5. The management method according to claim 4, wherein the service token is sent in encrypted form using a service key, said service key also being known in the distribution subnetwork.
 6. A method for managing the transmission of a digital content item to a user terminal in a network comprising a service subnetwork and a digital content distribution subnetwork which includes a control part and a transmission part; said management method comprising the following steps at the user terminal: /1/ requesting a digital content item from the service subnetwork; /2/ receiving a first address relating to the control part of the distribution subnetwork and a service token associated with said first address; /3/ requesting the digital content item from said first address, indicating the service token associated with said first address; /4/ receiving a second address relating to the transmission part of the distribution subnetwork and a session token associated with said second address; /5/ requesting the digital content item from said second address, indicating the session token associated with said second address; and /6/ receiving the digital content.
 7. The management method according to claim 6, wherein the service token is received and indicated in encrypted form using a service key known to both the service subnetwork and in the distribution subnetwork; and wherein the session token is received and indicated in encrypted form using a session key which is known in the distribution subnetwork.
 8. The management method according to claim 6, wherein, in step /4/, a plurality of addresses relating to the transmission part of the distribution subnetwork and a plurality of session tokens respectively associated with the plurality of addresses are received; and wherein, in step /5/, the digital content is requested from said plurality of addresses while respectively indicating the session tokens associated with the plurality of addresses.
 9. A service subnetwork in a digital content management network additionally comprising a digital content distribution subnetwork which includes a control part and a transmission part; said service subnetwork comprising: a unit for interfacing with a user terminal, adapted to: receive a request for digital content from the user terminal; and if applicable, send a message to the user terminal indicating said address and the service token associated with said address; a decision unit which decides whether to authorize the user terminal on the basis of decision criteria; and a determination unit which determines an address relating to the distribution subnetwork and generates a service token associated with said address.
 10. A controller for a distribution subnetwork in a digital content management network additionally comprising a service subnetwork adapted to provide a terminal with a service token, said distribution subnetwork including a control part and a transmission part, said controller comprising: an interface unit which receives a request for digital content from the user terminal indicating a service token, and which, if applicable, sends a message to the user terminal indicating an address and a session token associated with said address; a control unit which verifies the validity of the service token; and a determination unit which determines said address relating to the distribution subnetwork and generates a session token associated with said address.
 11. A network for managing the transmission of digital content to a user terminal, said network comprising: a service subnetwork according to claim 9; and a digital content distribution subnetwork which includes a controller for a distribution subnetwork in a digital content management network additionally comprising a service subnetwork adapted to provide a terminal with a service token, said distribution subnetwork including a control part and a transmission part, said controller comprising: an interface unit which receives a request for digital content from the user terminal indicating a service token, and which, if applicable, sends a message to the user terminal indicating an address and a session token associated with said address; a control unit which verifies the validity of the service token; and a determination unit which determines said address relating to the distribution subnetwork and generates a session token associated with said address; and a transmission part arranged to verify the validity of the session token.
 12. A non-transitory computer program product comprising instructions for implementing the method according to claim 1 when this program is executed by a processor.
 13. A non-transitory computer program product comprising instructions for implementing the method according to claim 4 when this program is executed by a processor.
 14. A non-transitory computer program product comprising instructions for implementing the method according to claim 6 when this program is executed by a processor. 